{"id":"CVE-2022-34530","details":"An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.","modified":"2026-07-08T06:01:20.660268Z","published":"2022-08-01T19:24:37Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34530.json"},"references":[{"type":"WEB","url":"http://backdrop.com"},{"type":"WEB","url":"https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/34xxx/CVE-2022-34530.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34530"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/backdrop/backdrop","events":[{"introduced":"0"},{"last_affected":"e6aae124678820b45cce2a8cda7b9021491e2418"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:backdropcms:backdrop_cms:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.22.0"}]}}],"versions":["1.22.0","1.22.0-preview","1.21.0","1.21.0-preview","1.20.0","1.20.0-preview","1.19.0","1.19.0-preview","1.18.0","1.18.0-preview","1.17.0","1.17.0-preview","1.16.0","1.16.0-preview","1.15.0","1.15.0-preview","1.14.0","1.14.0-preview","1.13.0-preview","1.11.0","1.10.0","1.7.0","1.7.0-preview","1.6.0","1.5.1","1.5.0","1.4.3","1.4.2","1.4.1","1.4.0","1.3.5","1.3.4","1.3.3","1.3.2","1.3.1","1.3.0","1.2.0","1.1.0","v1.0.3","v1.0.2","v1.0.1","v1.0.0","v1.0.0-preview"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34530.json"}}],"schema_version":"1.7.5"}